diff options
| author | yangwei <[email protected]> | 2023-07-23 20:45:16 +0800 |
|---|---|---|
| committer | yangwei <[email protected]> | 2023-07-23 20:45:16 +0800 |
| commit | 0c02227c588f7cd074891a78237335eb86aa78bf (patch) | |
| tree | c63f63056ef2ea1bbc0dc45f4ef8ec3f85583de8 /src | |
| parent | 320851f683d272cc876d4f38479323df9fa20df2 (diff) | |
🐞 fix(l2tp偏移长度计算时,增加长度判断):
Diffstat (limited to 'src')
| -rw-r--r-- | src/MESA_jump_layer.cpp | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/MESA_jump_layer.cpp b/src/MESA_jump_layer.cpp index 0803aa8..f91f1c0 100644 --- a/src/MESA_jump_layer.cpp +++ b/src/MESA_jump_layer.cpp @@ -389,6 +389,10 @@ static int __mjl_parse_l2tpv2_hdr(const struct l2tp_hdr_v2 *pl2tphdrv2, struct l if(pl2tphdrv2->offset_present){ offset_size = ntohs(*((unsigned short *)ptr)); + if(offset_size > 1460) + { + return -1; + } ptr += sizeof(short); /* 2 byte fix len offset size */ ptr += offset_size; /* var bytes offset value length */ } |